External Resource:
Office of the Under Secretary of Defense for Acquisition, Technology and Logistics
“Network Penetration Reporting and Contracting for Cloud Services (DFARS Case 2013-D018); Frequently Asked Questions”  Click here or graphic below.

Frequently Asked Questions for Georgia Tech

What is DFARS?
DFARSDefense Federal Acquisition Regulation Supplement. A supplement to the FAR that provides DoD-specific acquisition regulations that DoD government acquisition officials – and those contractors doing business with DoD – must follow in the procurement process for goods and services.

What is NIST 800-171?

NIST Special Publication 800-171 – Protection Controlled Unclassified Information in Nonfederal Information Systems and Organizations (NIST 800-171)

  • The purpose of this NIST publication is to provide guidance for federal agencies to ensure that certain types of federal information is protected when processed, stored, and used in non-federal information systems.
  • NIST 800-171 applies to Controlled Unclassified Information (also called CUI) shared by the federal government with a nonfederal entity.
  • Designed to protect CUI in nonfederal IT systems from unauthorized disclosure. There are 14 families of security requirements outlined in NIST 800-171, comprising 109 individual controls.
  • Replaces the jumbled patchwork of existing agency rules.

What is Controlled Unclassified Information (CUI)?

Controlled Unclassified Information (CUI) at Georgia Tech can include, but is not limited to,:

  • Federally funded research
  • Health information
  • Student records
  • Visa records

Where can I Access the Federal Controlled Unclassified Information Registry?


Why is this important to Georgia Tech?

Georgia Tech has a number of research contracts from various sources at any one time, representing a sizable financial funding source to the research community. As competition for future research funding increases, those universities with an existing NIST 800-171 compliance program can leverage that advantage into more contracts. Consequently, a failure to meet existing compliance requirements may result in contract termination and the loss of contract funds.

How do I get a background screening?

Please go to this page on sites.gatech.edu/cui.

Who should I contact for more information?

For additional information, contact compliance@security.gatech.edu.